fix(api): correct permission enforcement for local API usage

mikehardy · mikehardy · commit 0722d0beb2e6 · 2025-07-09T06:19:26.000-05:00
(cherry picked from commit 35e36f5)
diff --git a/AnkiDroid/src/main/java/com/ichi2/anki/provider/CardContentProvider.kt b/AnkiDroid/src/main/java/com/ichi2/anki/provider/CardContentProvider.kt
@@ -196,14 +196,17 @@ class CardContentProvider : ContentProvider() {
         }
     }
 
-    /** Only enforce permissions for queries and inserts on Android M and above, or if its a 'rogue client'  */
-    private fun shouldEnforceQueryOrInsertSecurity(): Boolean = knownRogueClient()
+    /**
+     * Enforce permissions for queries and inserts on Android M and above.
+     * @see knownRogueClient
+     */
+    private fun shouldEnforceQueryOrInsertSecurity(): Boolean = true
 
-    /** Enforce permissions for all updates on Android M and above. Otherwise block depending on URI and client app  */
-    private fun shouldEnforceUpdateSecurity(uri: Uri): Boolean {
-        val whitelist = listOf(NOTES_ID_CARDS_ORD, NOTE_TYPES_ID, NOTE_TYPES_ID_TEMPLATES_ID, SCHEDULE, DECK_SELECTED)
-        return !whitelist.contains(sUriMatcher.match(uri)) || knownRogueClient()
-    }
+    /**
+     * Enforce permissions for all updates on Android M and above.
+     * @see knownRogueClient
+     */
+    private fun shouldEnforceUpdateSecurity(uri: Uri): Boolean = true
 
     override fun query(
         uri: Uri,
